Vice President Cyber Operations & Chief Information Security Officer, Royal Bank of Canada
Gone are the days when small businesses could fly below the radar of cyber criminals. Hacking small business is big business.
In recent years, high-profile cyberattacks and data leaks have affected some of the biggest corporations and most powerful governments in the world. But it’s not only the biggest fish that get caught in the hackers’ nets. According to Statistics Canada, 19 percent of businesses with 10 to 49 employees, and 28 percent of those with 50 to 249 employees, reported being impacted by a cybersecurity incident that affected operations. And for smaller businesses, the fallout from a data breach can be devastating.
Cyberattacks are a matter of “when,” not “if”
A breach can be caused by something as simple as an employee opening an email that should have been quarantined, or downloading a piece of software with hidden malware. Since business owners have information that’s valuable to cyber criminals, there are also malicious online bots running 24/7, probing every network they can find for weak passwords or unpatched vulnerabilities. Regardless of how it happens, once your system has been compromised, it’s just a matter of time before the trouble begins.
Personal and financial information can be stolen and misused or publicized. Server downtime may leave employees unable to work. Website takeovers can erode trust and lock out customers. In every case, damage control and repair after the fact are more expensive and time-
consuming than effective prevention would have been.
Preparedness starts with employee training.
Cybersecurity is risk management
“You have to understand that cyber risk is just another risk that your business has to manage now,” says Adam Evans, Vice President of Cyber Operations and Chief Information Security Officer at the Royal Bank of Canada (RBC). “Thirty years ago in the banking world, if you were going to build a branch in a highly-volatile neighbourhood, you would not put that branch out there without locks on the doors, alarm systems, cameras and a vault. Similarly, when operating a business with a cyber or internet presence, it’s a highly-volatile environment and you’ve got to take the right precautions to make sure your business remains viable in that environment.It’s all about education and understanding the risks.”
Preparedness starts with employee training. Straightforward education about things like password and email hygiene, WiFi security, and account management can mitigate a lot of risks up front. Technology and software, like firewalls and anti-malware programs, are also important tools, though no technological solution will keep you perfectly safe from the innovation of cyber criminals. At the end of the day, teams of dedicated hackers need to be counteracted by teams of dedicated cybersecurity professionals. Of course, that represents an expense that many small- and medium-sized businesses find difficult to bear.
Therefore, it’s critical for Canadian businesses to stay informed to protect themselves in today’s digital landscape. To help business owners, RBC has created resources for small- and medium-sized businesses to manage cyber risk. With the right knowledge, you can ensure that your digital doors are as well-secured as your physical ones.